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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 25 April 2006 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-18 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) g] Claim(s) 1-18 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

The application having Application No. 10,088,034 has a total of 18 claims 
pending in the application; there are 3 independent claims and 15 dependent claims, all 
of which are ready for examination by the Examiner. 

When responding to the Office action, Applicant is advised to clearly point out the 
patentable novelty the claims present in view of the state of the art disclosed by the 
reference(s) cited or the objection made. A showing of how the amendments avoid 
such references or objections must also be present. See 37 C.F.R. 1.111(c). 

Response to Arguments 

Applicant's arguments filed 4/25/06 have been fully considered but they are not 
persuasive. Applicant argues that the reference, Mi, fails to teach or suggest rate 
limiting. The applicant, however, does not argue how the limitation in claim 1 ("applying 
a rate limit) is patently distinct from Mi (Fig. 3, step 350 "Return value arrive within the 
set time period"). Applicant uses a rate limit as a time variable to restrict access to a 
particular server, namely to deny access if too many requests are given over a set 
period of time. The reference, Mi, uses a time variable as well to restrict access to a 
particular server, namely to deny access if a value is not returned over a set period of 
time. The applicant is reminded that the Examiner has the right to view claim terms as 
presumed to have the ordinary and customary meanings attributed to them by those of 
ordinary skill in the art. Sunrace Roots Enter. Co. v. SRAM Corp., 336 F.3d 1298, 1302, 
67 USPQ2d 1438, 1441 (Fed. Cir. 2003); Brookhill-Wilk 1, LLC v. Intuitive Surgical, Inc., 
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334 F.3d 1294, 1298, 67 USPQ2d 1132, 1136 (Fed. Cir. 2003) ("In the absence of an 
express intent to impart a novel meaning to the claim terms, the words are presumed to 
take on the ordinary and customary meanings attributed to them by those of ordinary 
skill in the art.") The applicant merely restates the claim language in the independent 
claims as well as portions of the specification. As such, the rejection is maintained. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

Claim 1-18 rejected under 35 U.S.C. 102(e) as being anticipated by Mi et al., 
U.S. Patent No. 6,418,472 B1; filed on January 19, 1999 and patented on July 9, 2002. 

As per claim 1, 16 & 17, an access control method, including: receiving an initial 
access request for a service from a data processing apparatus (Fig. 3, step 300); 
sending unique identification data to said apparatus in response to said initial access 
request (Fig. 3, step 320); and applying a rate limit for verifying access to said service 
until said identification data is verified by a user of said apparatus (Fig. 3, step 350). 

As per claim 2, an access control method as claimed in claim 1, wherein verifying 
said identification data corresponds to a first level of access control, and said method 
includes applying at least one additional level of access control following a 
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predetermined number of failed attempts to verify said identification data by said user of 
said apparatus (col. 11, lines 8-35; second factor for access can be requested prior to 
permitting the user to log-in). 

As per claim 3, an access control method is claimed in claim 2, wherein said 
identification data is a random unique security code and said apparatus is sent an 
unique identification number which expires if the security code is not verified within a 
predetermined period of time (Fig. 3, steps 300, 320, 350). 

As per claim 4, an access control method as claimed in claim 1 , wherein said 
identification data is verified by contacting a device with a known association to said 
user and said data processing apparatus, and having said user provide said 
identification data using said device (Fig. 3, steps 330, 340). 

As per claim 5, an access control method as claimed in claim 1 , wherein said 
identification data is verified by said user returning said identification data using 
communication means having a known association to said user and said data 
processing apparatus (Fig. 3, steps 330, 340). 

As per claim 6, an access control method as claimed in claim 2, wherein said at 
least one additional level includes detecting generation of access requests for said 
service under control of a program instead of under control of said user (col. 1 1 , lines 8- 
35; "enables a server to track usage patterns, the server can be programmed to trigger 
a particular response..."). 

As per claim 7, an access control method as claimed in claim 2, wherein said at 
least one additional level of access control includes sending communication software to 
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said apparatus to receive access requests for said service under an additional 
communication protocol (Fig. 6). 

As per claim 8, an access control method as claimed in claim 7, wherein said 
communication software encrypts said access requests (col. 9, lines 43-60). 

As per claim 9, an access control method as claimed in claim 2, including 
invoking sequentially the levels of access control depending on the number of failed 
attempts to verify said identification data by said user for access requests over 
predetermined periods of time (col. 11, lines 8-35). 

As per claim 10, an access control method as claimed in claim 6, wherein said at 
least one additional level of access control includes sending communication software to 
said apparatus to receive access requests for said service under an additional 
communication protocol and wherein said verifying of said identification data is a first 
level of access control, said detecting is a second level of access control, and said 
sending of said communication software and execution of said additional 
communication protocol is a third level of access control (col. 11, lines 8-35; Fig. 3-6). 

As per claim 1 1 , an access control method as claimed in claim 10, wherein said 
at least on additional level of access control includes a fourth level of access control 
involving locking all access requests by said data processing apparatus (Fig. 3-6, steps 
"Client not give access to object" or "Access Denied"). 

As per claim 12, an access control method as claimed in claim 11, wherein said 
blocking involves denying all access requests that include address data that 



Application/Control Number: 10/088,034 Page 6 

Art Unit: 2132 

corresponds to said data processing apparatus (Fig. 3-6, steps "Client not give access 
to object" or "Access Denied"). 

As per claim 13, an access control method as claimed in claim 12, wherein the 
address data is an IP address or segment (Fig. 6, step 640; blocking access includes to 
the data, user, ID, IP, segment, class etc.). 

As per claim 14, an access control method executed by a computer system, 
including: 

applying an access rate limit until a user issuing access requests is verified (Fig. 
3, step 300); 

a first control level involving verifying said user (Fig. 3, step 350); 

a second control level applying hack program detection tests to said access 
requests and verifying said user (Fig. 3, step 360/370; also col. 1 1 lines 12-16); 

a third control level requiring use of predetermined download software for 
transmitting said access requests and verifying said user (Fig. 6, step 620); 

a fourth control level blocking access to said service on the basis of at least one 
communications address corresponding to said access requests (Fig. 6, step 640); and 

invoking said control levels sequentially depending on a number of failed 
attempts to verify said user (col. 1 1 , lines 8-35). 

As per claim 15, an access control method as claimed in claim 14, wherein said 
user is verified by contacting a device with a known association to said user and said 
data processing apparatus, and having said user provide identification data using said 
device (col. 11, lines 58-65; public key). 
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As per claim 18, an access control system, including: an access control server 
for receiving access requests for a service from a data processing apparatus, rate 
limiting access to the server until a user of said apparatus is verified, and sending to 
said data processing apparatus unique identification data (Fig. 6, also see col. 9 & 10 
for further description); and an IVR for contacting a device having an association with 
said data processing apparatus, issuing a request for said identification data, and 
providing the data received in response to said request to said access server in order to 
verify said user (Fig. 6, also see col. 9 & 10 for further description). 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications should be 
directed to Nima Khomassi whose telephone number is (571) 272-3775. The examiner 
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can normally be reached Monday-Friday from 8:30 AM to 5:00 PM. If the examiner is 
unavailable, Applicant is advised to leave a voicemail message which will be returned 
by the next business day. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron Jr., can be reached at (571) 272-3799. 

The fax number for Formal or Official faxes to Technology Center 2100 is 571- 
273-8300. On July 15, 2005, the Central Facsimile (FAX) Number changed from 703- 
872-9306 to 571-273-8300. As of September 15, 2005, the former is no longer in 
service; the latter is the only facsimile number recognized for centralized delivery. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have any questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Nima Khomassi 
June 19, 2006 
Art Unit #2132 
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